Cybersecurity Center to Protect Medical Devices

It’s been almost ten years since security researcher Jay Radcliffe demonstrated how to hack into his own insulin pump onstage at a conference. He could have used the pump to inject a deadly dosage of the medication into his system if he’d chosen to. Instead, he asked that medical businesses pay attention to the security threat. According to Mike Johnson, a security technologies expert at the University of Minnesota’s Technological Leadership Institute, that presentation and others like it were “wake-up calls” about the dangers of connecting insecure Medical Devices to the internet.

Since then, the number of connected medical equipment – drug infusion pumps, pacemakers, and monitors — has exploded, making the problem much more urgent. According to security analysts, each hospital bed has an average of 10 to 15 internet-connected devices. One of the reasons the University of Minnesota established a new Center for Medical Devices Cybersecurity in conjunction with Medical Devices corporations like Medtronic and Boston Scientific at the beginning of September is to address this risk.

The facility will serve as a nexus for organisations that work with Medical Devices at all stages of their lives, from creation through use at a patient’s bedside. Johnson said, “We want to bring all of these participants into the process and hopefully give them tools.” Medical device security has been on security risk managers’ radar for at least a decade. In the field of healthcare, there has been a sudden boom of interest in connected devices. Today, 10 to 15 gadgets are connected per hospital bed, with a mix of bedside and maybe wearable or implanted equipment. The more components we add to a network, the more likely it is to be harmed.